'''NOTE: this OWASP section of O2 is still under very heavy construction, so for now, please see http://www.o2-ounceopen.com for the latest O2-related updates and downloads'''

+

'''NOTE: this O2 site is still under very heavy construction''' (& most of the content below is related to the previous version of O2)

−

==== Home Page ====

+

==TRY o2 (most recent published version)==

+

+

If you want to try/use O2, follow the instructions in this page: [http://o2platform.com/wiki/O2_Help_-_Installing Installing O2]

+

+

There is an external (to OWASP) experimental O2 website which is currently being used to host the help files and documentation pages: http://www.o2-platform.com

+

+

==NOT up-to-date content==

+

+

==== Home Page====

{| width="100%"

{| width="100%"

Revision as of 04:40, 16 May 2010

NOTE: this O2 site is still under very heavy construction (& most of the content below is related to the previous version of O2)

TRY o2 (most recent published version)

If you want to try/use O2, follow the instructions in this page: Installing O2

There is an external (to OWASP) experimental O2 website which is currently being used to host the help files and documentation pages: http://www.o2-platform.com

NOT up-to-date content

Home Page

About O2

O2Platform on Twitter

O2 is a collection of Open Source modules that help Web Application Security Professionals maximize their efforts and quickly obtain high visibility into an application's security profile. The objective is to 'Automate Application Security Knowledge and Workflows'.

Mailing list, O2 Presentations

You can join the O2 Platform Mailing list using this form or you can read its archives here. After being subscribed you can email this list using the owasp-o2-platform (at) lists.owasp.org email address

In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerabilities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.

Project Details

PROJECT INFOWhat does this OWASP project offer you?

RELEASE(S) INFOWhat does this OWASP project release offer you?

what

is this project?

OWASP O2 Platform Project

Purpose: Collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile. NOTE: most of the O2 Platform content is still on the external website www.o2-ounceopen.com